For Palo logs, the username is being extracted with the domain in front of it, i.e., `domain\user`
To be CIM compliant, shouldn't the domain\ be removed so only the user is listed as a value? Is there a way to remove the domain\ from the user field extraction?
Thx
↧